ID

VAR-202307-1941


CVE

CVE-2023-28728


TITLE

Multiple vulnerabilities in Panasonic Control FPWIN Pro7

Trust: 0.8

sources: JVNDB: JVNDB-2023-002906

DESCRIPTION

A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

Control FPWIN Pro7, provided by Panasonic, contains multiple vulnerabilities:
* Stack-based buffer overflow (CWE-121) - CVE-2023-28728
* Type confusion (CWE-843) - CVE-2023-28729
* Memory buffer error (CWE-119) - CVE-2023-28730

This vulnerability information was reported to JPCERT/CC and to the product developer and, after coordination with the product developer, was published on JVN to inform product users. Reporter: Michael Heinzl.

Arbitrary code may be executed by tricking a user into reading a specially crafted file.

Trust: 1.71

sources: NVD: CVE-2023-28728 // JVNDB: JVNDB-2023-002906 // VULMON: CVE-2023-28728

AFFECTED PRODUCTS

vendor: panasonic, model: control fpwin pro, scope: lte, version: 7.6.0.3

Trust: 1.0

vendor: パナソニック株式会社, model: fpwin pro, scope: lte, version: 7 ver. 7.6.0.3 and earlier

Trust: 0.8

vendor: パナソニック株式会社, model: fpwin pro, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002906 // NVD: CVE-2023-28728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-28728
value: HIGH

Trust: 1.0

product-security@gg.jp.panasonic.com: CVE-2023-28728
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-002906
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202307-1800
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-28728
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-002906
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800 // NVD: CVE-2023-28728 // NVD: CVE-2023-28728

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Stack-based buffer overflow (CWE-121) [ others ]

Trust: 0.8

problemtype: Type confusion (CWE-843) [ others ]

Trust: 0.8

problemtype: Buffer error (CWE-119) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002906 // NVD: CVE-2023-28728

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202307-1800

PATCH

title: software Control FPWIN Pro7 download Panasonic, url: https://www3.panasonic.biz/ac/j/dl/software/index.jsp?series_cd=3359

Trust: 0.8

title: Panasonic Control FPWIN Pro Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=247071

Trust: 0.6

sources: JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800

EXTERNAL IDS

db: NVD, id: CVE-2023-28728

Trust: 3.3

db: JVN, id: JVNVU96622721

Trust: 0.8

db: ICS CERT, id: ICSA-23-192-03

Trust: 0.8

db: JVNDB, id: JVNDB-2023-002906

Trust: 0.8

db: CNNVD, id: CNNVD-202307-1800

Trust: 0.6

db: VULMON, id: CVE-2023-28728

Trust: 0.1

sources: VULMON: CVE-2023-28728 // JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800 // NVD: CVE-2023-28728

REFERENCES

url:https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro

Trust: 1.7

url:http://jvn.jp/vu/jvnvu96622721/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-28730

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-28728

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-28729

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-03

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-28728/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-28728 // JVNDB: JVNDB-2023-002906 // CNNVD: CNNVD-202307-1800 // NVD: CVE-2023-28728

SOURCES

db: VULMON, id: CVE-2023-28728
db: JVNDB, id: JVNDB-2023-002906
db: CNNVD, id: CNNVD-202307-1800
db: NVD, id: CVE-2023-28728

LAST UPDATE DATE

2024-08-14T15:41:40.105000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-28728, date: 2023-07-21T00:00:00
db: JVNDB, id: JVNDB-2023-002906, date: 2024-04-18T08:30:00
db: CNNVD, id: CNNVD-202307-1800, date: 2023-07-24T00:00:00
db: NVD, id: CVE-2023-28728, date: 2023-07-31T20:58:56.437

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-28728, date: 2023-07-21T00:00:00
db: JVNDB, id: JVNDB-2023-002906, date: 2023-08-22T00:00:00
db: CNNVD, id: CNNVD-202307-1800, date: 2023-07-21T00:00:00
db: NVD, id: CVE-2023-28728, date: 2023-07-21T07:15:09.707